I mean PGP key IDs, both long (64 bits) and short (32 bits). Even enumerating 2^32 keys takes considerable effort (try!). A 32-bit key ID is not more difficult to remember than a telephone number, although definitely more difficult than a domain name or an email address. If your system is well designed, a 32-bit key ID will be a securely transferable, self-authenticating (free from global control) and easy-to-remember identifier, albeit a little bit of a compromise on all accounts.
Also, the ability to generate keys with the same 32-bit identifier does not necessarily compromise the security of the whole system. There can be more than one security measure in place in such a way that none of them is critical by itself.
Remembering 64 bits is considerably more difficult. However, it is completely unfeasible to enumerate for the purposes of an attack excepting extreme cases when enormous resources can be marshalled for the purpose.
V3 keys are obsolete and should not be used. (Wow, you still use a V2 key!)
Your long key ID is 0x40034F5712F7E63D. Every PGP key has both a short and a long key ID and you can refer to either, depending on the security needs of the moment.
A good solution may be to use as many digits of the fingerprint (key IDs for V4 keys are just the tail of the fingerprint) as the user desires. Good security systems let their users make the decisions on security trade-offs.
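The idea of accepting as many fingerprint digits as the user supplies can be sketched as follows. This is an added example, not code from the comment or from any PGP implementation: it computes V4 fingerprints as specified in RFC 4880, derives the long and short key IDs as fingerprint tails, and refuses to resolve a suffix that matches more than one key. The key packet bodies, `KEYRING` and all function names are constructed for illustration.

```python
import hashlib
import struct


class AmbiguousKeyID(LookupError):
    """More than one key in the keyring ends with the requested digits."""


def v4_fingerprint(packet_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, 2-byte big-endian length, key packet body."""
    if packet_body[:1] != b"\x04":
        raise ValueError("not a V4 public-key packet body")
    header = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(header + packet_body).hexdigest().upper()


def long_key_id(fpr: str) -> str:
    return fpr[-16:]   # low 64 bits of the fingerprint


def short_key_id(fpr: str) -> str:
    return fpr[-8:]    # low 32 bits of the fingerprint


def constructed_key_body(seed: int) -> bytes:
    """Constructed sample: V4 RSA packet layout filled with fake numbers, not a usable key."""
    n = hashlib.sha256(b"constructed-modulus-%d" % seed).digest() * 4   # 1024 filler bits
    n = bytes([n[0] | 0x80]) + n[1:]                  # top bit set so the MPI length is 1024
    created = struct.pack(">I", 1172738460 + seed)    # constructed creation time
    return (b"\x04" + created + b"\x01"               # version 4, time, algorithm 1 (RSA)
            + struct.pack(">H", 1024) + n             # MPI n
            + struct.pack(">H", 17) + b"\x01\x00\x01")  # MPI e = 65537


def resolve(keyring: dict, digits: str) -> str:
    """Return the one fingerprint ending in `digits`; refuse to guess when several do."""
    wanted = digits.replace(" ", "").upper()
    if wanted.startswith("0X"):
        wanted = wanted[2:]
    if not wanted or len(wanted) > 40 or any(c not in "0123456789ABCDEF" for c in wanted):
        raise ValueError("expected 1 to 40 hex digits")
    matches = [fpr for fpr in keyring if fpr.endswith(wanted)]
    if not matches:
        raise KeyError(wanted)
    if len(matches) > 1:
        raise AmbiguousKeyID(f"{len(matches)} keys end in {wanted}; supply more digits")
    return matches[0]


# Constructed keyring: 17 keys, so at least two must share their last hex digit.
KEYRING = {v4_fingerprint(constructed_key_body(i)): f"user-{i}" for i in range(17)}
```

The caller chooses how many digits to trust; the resolver only guarantees that a short suffix is never silently mapped to one of several matching keys.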
Re: Zooko's triangle
Date: 2007-03-01 08:41 am (UTC)